CVE-2026-24316

creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...

CVE-2026-24313

creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...

CVE-2026-27687

creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...

CVE-2026-24317

creationtimestamp| type| source ---|---|--- 2026-03-10 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0256/ 2026-03-12 03:00:05+00:00| seen| https://support.sap.com/en/my-support/knowledge-base/security-notes-news/march-2026.html...

SUSE CVE-2015-2282

Stack-based buffer overflow in the LZC decompression implementation CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows...

Cross site scripting

Cross site scripting XSS vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516...

CVE-2016-1911

Multiple cross-site scripting XSS vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the 1 Runtime Workbench RWB or 2 Pmitest servlet in the Process Monitoring Infrastructure PMI, aka SAP Security Notes 2206793 and 2234918...

Sql injection

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the 1 remoteSourceName in the dropCredentials function or unspecified vectors in the 2 setTraceLevelsForXsApps...

[ERPSCAN-15-004] SAP NetWeaver Portal XMLValidationComponent - XXE

ERPSCAN Research Advisory ERPSCAN-15-004 SAP NetWeaver Portal XMLValidationComponent - XXE Application: SAP NetWeaver Portal 7.31 Versions Affected: SAP NetWeaver Portal 7.31, probably others Vendor URL: http://SAP.com Bugs: XML eXternal Entity Sent: 06.11.2014 Reported: 06.11.2014 Vendor respons...

CVE-2015-5067

The 1 Cross-System Tools and 2 Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes 2059659 and 2057982...

CVE-2015-5067

The CVE-2015-5067 entry affects SAP NetWeaver, specifically the Cross-System Tools and Data Transfer Workbench components. The root cause is hardcoded credentials within these tools, enabling remote access via unspecified vectors. This is supported by multiple sources (NVD/CNVD/PRION/CVE lists) r...

CVE-2015-4160

SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278...

CVE-2015-4159

The CVE-2015-4159 entry concerns SAP HANA Web-based Development Workbench with an SQL injection vulnerability. The affected component is the Web-based Development Workbench in SAP HANA, where remote attackers can submit specially crafted SQL commands to manipulate or obtain data. The root cause i...

Nearly 95% of SAP Systems Vulnerable to Hackers

More than 95 percent of enterprise SAP installations exposed to high-severity vulnerabilities that could allow attackers to hijack a company's business data and processes, new research claims entirely. According to a new assessment released by SAP short for Systems, Applications & Products...

SAP NetWeaver Portal XMLValidationComponent - XXE

Application: SAP NetWeaver Portal Versions Affected: SAP NetWeaver Portal 7.31.201109172004 Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 06.11.2014 Vendor response: 07.11.2014 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2093966 Authors: Vahagn Vardanyan...